[squid-dev] [PATCH] Allow unlimited LDAP search filter for ext_ldap_group_acl helper

Amos Jeffries squid3 at treenet.co.nz
Tue Nov 3 08:29:33 UTC 2015

On 2/11/2015 11:47 p.m., Tsantilas Christos wrote:
> Hi all,
> The LDAP search filter in ext_ldap_group_acl is limited to 256
> characters. In some environments the user DN or group filter can be
> larger than this limitation.
> This patch uses dynamic allocated buffers for LDAP search filters.
> This is a Measurement Factory project


* please add the new stdlib #include's alphabetically in that list if

* ldap_escape_value() would be simpler with C++11 syntax:

  std::stringstream str;
  for (const auto &c : src) {
      escape_character(c, str);
  return str.str();

- at which point there is actually no need for the escape_character()
function to exist. The switch can be re-inlined to the loop body to
further reduce the code.

* please do not use C-style casting in new code.
 - I see at least "(int)c" in the escape_character() function.

* in searchLDAPGroup()
 - s/searchbase =build_searchbase/searchbase = build_searchbase/

* Please use std::cerr in C++'ified code
 - fprintf(stderr,... still being used in new/updated code of searchLDAP()


More information about the squid-dev mailing list